Whatever the size of your company or your sector of activity, a great deal of personal data relating to your employees is required to manage their careers within your organization.
In particular, you need a great deal of information to handle:
- remuneration and compulsory social security declarations;
- keeping the single personnel register;
- personnel administration (e.g. type of driving license held or emergency contact details);
- work organization (e.g. optional photograph of employee for internal directories and organization charts);
- social action taken by the employer (e.g. information concerning the employee’s dependents), etc.
When processing your employees’ personal data, you must guarantee their rights and ensure the security of this information.
Did you know that Amazon France Logistique was fined 32 million euros for failing to respect the rights of its employees?
In fact, it had set up an excessively intrusive system for monitoring employee activity and performance.
Let’s take a look at the reflexes you can adopt when managing your employees’ personal data:
Only ask your employees for the information needed to carry out their duties
Avoid processing so-called “sensitive” data (trade union activity, political opinions, religion, ethnic origin, health). If you must process such data, special obligations apply.
You are bound to have specific (and therefore risky) information on your employees (bank details for payroll, social security number for social declarations, etc.). Make sure you guarantee their confidentiality and security.
Ensure the confidentiality and security of your employees’ data
Did you know that FREE was fined 300,000 euros for failing to ensure the security of personal data?
Only authorized persons may have access to personal data. Actions performed on data by authorized persons must be recorded (i.e. who connects to what, when and to do what).
Respect your employees’ rights
Every time you request information (e.g. administrative data update, training request, appraisal interview form, etc.) from your employees, they need to know the purpose and their rights regarding your processing of their personal data.
Finally, always remember that your employees can ask you for a copy of any data you hold about them.
In particular:
- a copy of a pay slip;
- the status of a time savings account;
- telephone records;
- time clock records;
- messages sent via professional e-mail, even when an employee is no longer in post or is in dispute with you.
In short, inform your employees and guarantee their right of access to data concerning them.
Raise awareness and train all your employees
Protecting your employees’ personal data is not a matter for lawyers or IT specialists. There are a number of simple points to bear in mind that can easily be implemented within your company.
To do this, you need to make them aware of:
- the rights of data subjects, so that requests received by any department are clearly identified, and a procedure for processing them by the right department is known and applied (e.g.: the customer service department receives a request to opt out of receiving advertising and forwards it to the department in charge of marketing);
- internal rules for managing personal data (e.g., you can only access the data you need, you must not disclose data to unauthorized third parties, archived files can only be accessed by certain people, you must regularly back up your files, etc.);
- basic security rules (e.g. complex personal log-ins and passwords, workstations locked when not in use, business documents not stored on personal tools, etc.).
As you’ve understood, compliance with the GDPR is an opportunity for your company to demonstrate its transparency in managing your employees’ personal data at all times.
It enables you to make all your employees aware of the rules to be followed in terms of data protection. Don’t forget to distribute your IT charter throughout your company.
Furthermore, with Klivar you can easily organize GDPR compliance within your organization. Our platform allows you to carry out your processing activities with peace of mind by being guided on the personal data you really need to be GDPR compliant.